By Bob Bentley, Director of Product Management, Identity Management Products, Novell
Five years ago, the Identity Management space was still fairly adolescent and, frankly, most customers were not very sophisticated.
In their defense, the products that were hitting the market at that time had a lot of hype around them, a lot of buzz, and vendors were saying a lot of different things about what these products could do. It was confusing and unclear what you could realistically expect from a system.
To make matters worse, once you had purchased a system, implementing it was a laborious and costly process. Basically, you were looking at a multi-year, multi-stage project that would focus on integrating business systems one at a time and one division at a time. And every step called for a lot of manual programming to be done by someone deep down in the code.
Of course, as business conditions changed, as the rules governing who got access to what changed, you’d have to bring the same programmers back in to make changes to the code they had laid down in the first place and this whole process (maintenance and updates) became a development project in its own right. To top it all off, if those programmers weren’t available, then you were in a world of hurt because now you had to scramble to find somebody who could come in and pick up where they left off.
Thankfully, things have changed and Identity Management customers are much more savvy, much more sophisticated, and have much higher expectations. Specifically, they want to know that the solution they buy is not going to cost an arm and a leg, they’re not going to need an army of Java programmers to get it up and running and maintain it over time, and, most importantly, it’s going to do the job they expect it to do fairly simply and easily.
So what happened? Well, the biggest shift we’ve seen is that the core function of the Identity Management system has become very clear in the mind of the customer.
First of all, the system must faithfully assign users to the resources they need in a timely way.
Secondly, it must do so according to policy in a way that can be tracked, monitored, and audited.
Finally, it’s got to do all this in a manner that is governable by people who have been empowered by the business to make decisions about access, provisioning, compliance, and so forth.
Moreover, it can’t be extremely difficult or take a long time to get the system to work the way the business wants or to change things as the business changes.
So how do you meet the expectations of the sophisticated consumer of identity products?
The tack we’ve taken is to put the power of implementation, deployment, and control more directly in the hands of the business user. By making the process a more visual, drag-and-drop experience, customers today can minimize the services of a developer and hand things over to a non-IT, non-developer business analyst who has authority to decide who can have access to what when. That’s a good thing.
What the customer gains here is what got lost in translation before. When the business analyst had to first specify what he wanted, then put that in terms the developer understood, then wait while it was implemented and tested, then wait again while the final result was reconciled with what he wanted in the first place, then staged, then finally rolled out, the business suffered from the very long time and high cost it required to get it done and make it work.
Today with powerful automation tools at their disposal, the sophisticated customer can lay down, configure, automate, and govern the identity management system in a timely, more accurate way that actually makes a real monetary difference to the business (rather than just endlessly ratcheting up IT costs).
An Identity Management system should serve the business, not the other way around. I think you make that possible when you provide business owners with better, more efficient tools that are easier to use.
What other suggestions do you have?